System for controlling access and distribution of digital property

DC CAFC

US 6,314,409 B2
Filed: 10/26/1998
Issued: 11/06/2001
Est. Priority Date: 01/11/1996
Status: Expired due to Term

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A method of distributing data, the method comprising:

protecting portions of the data; and

openly distributing the protected portions of the data, whereby each and every access to an unprotected form of the protected portions of the data is limited in accordance with rules defining access rights to the data as enforced by an access mechanism, so that unauthorized access to the protected portions of the data is not to the unprotected form of the protected portions of the data.

View all claims

17 Assignments

Timeline View

Assignment View

Litigations

7 Petitions

Accused Products

Abstract

A method and device are provided for controlling access to data. Portions of the data are protected and rules concerning access rights to the data are determined. Access to the protected portions of the data is prevented, other than in a non-useable form; and users are provided access to the data only in accordance with the rules as enforced by a mechanism protected by tamper detection. A method is also provided for distributing data for subsequent controlled use of those data. The method includes protecting portions of the data; preventing access to the protected portions of the data other than in a non-useable form; determining rules concerning access rights to the data; protecting the rules; and providing a package including: the protected portions of the data and the protected rules. A user is provided controlled access to the distributed data only in accordance with the rules as enforced by a mechanism protected by tamper protection. A device is provided for controlling access to data having protected data portions and rules concerning access rights to the data. The device includes means for storing the rules; and means for accessing the protected data portions only in accordance with the rules, whereby user access to the protected data portions is permitted only if the rules indicate that the user is allowed to access the portions of the data.

1014 Citations

43 Claims

1. A method of distributing data, the method comprising:
- protecting portions of the data; and
  
  openly distributing the protected portions of the data, whereby each and every access to an unprotected form of the protected portions of the data is limited in accordance with rules defining access rights to the data as enforced by an access mechanism, so that unauthorized access to the protected portions of the data is not to the unprotected form of the protected portions of the data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. A method as in claim 1, wherein
- 3. A method as in claim 2, wherein the encrypting of portions of the data encrypts the portions of the data with a data encrypting key, the data encrypting key having a corresponding data decrypting key, the method further comprising:
  - encrypting the data encrypting key.
- 4. A method as in claim 3, further comprising:
  - providing a decrypting key corresponding to the key encrypting key.
- 5. A method as in claim 1, wherein the data represent at least one of software, text, numbers, graphics, audio, and video.
- 6. A method as in claim 1, wherein the rules indicate which users are allowed to access the protected portions of the data, the method further comprisingallowing the user access to the unprotected form of a protected portion of the data only if the rules indicate that the user is allowed to access that portion of the data.
- 7. A method as in claim 1 wherein the rules indicate distribution rights of the data, the method further comprising:
  - allowing distribution of the unprotected form of the protected data portions only in accordance with the distribution rights indicated in the rules.
- 8. A method as in claim 1, wherein the rules indicate access control rights of the user, the method further comprising:
  - allowing the user to access the unprotected form of the protected data portions only in accordance with the access control rights indicated in the rules.
- 9. A method as in claim 8, wherein the access control rights include at least one of:
  - local display rights, printing rights, copying rights, execution rights, transmission rights, and modification rights.
- 10. A method as in claim 1, wherein the rules indicate access control quantities, the method further comprising:
  - allowing access to the unprotected form of the protected data portions only in accordance with the access control quantities indicated in the rules.
- 11. A method as in claim 10, wherein the access control quantities include at least one of:
  - a number of allowed read-accesses to the data;
    
    an allowable size of a read-access to the data;
    
    an expiration date of the data;
    
    an intensity of accesses to the data;
    
    an allowed level of accuracy and fidelity; and
    
    an allowed resolution of access to the data.
- 12. A method as in claim 1, wherein the rules indicate payment requirements, the method further comprising:
  - allowing access to the unprotected form of the protected data portions only if the payment requirements indicated in the rules are satisfied.
- 13. A method as in claim 1, wherein the rules relate to at least one of:
  - characteristics of users;
    
    characteristics of protected data; and
    
    environmental characteristics.
- 14. A method as in claim 1 wherein the rules defining access rights include at least one internal rule built in the access mechanism.
- 15. A method as in claim 14 wherein the at least one internal rule cannot be made less restrictive by any other rules.
- 16. A method as in claim 14 wherein the access mechanism is contained in a stand-alone device.
- 17. A method as in claim 16 wherein the stand-alone device is selected from the group consisting of:
  - a facsimile machine, a television, a VCR, a laser printer, a telephone, a laser disk player, and a computer system.
- 18. A method as in claim 1,wherein the access mechanism is contained in a stand-alone device selected from the group comprising:
  - a facsimile machine, a television, a VCR, a laser printer, a telephone, a laser disk player, and a computer system; and
    
    wherein the rules defining access rights include at least one internal rule built-in to the access mechanism; and
    
    wherein the at least one internal rule comprises access control rights to the data.
- 19. A method as in claim 1, further comprising:
  - providing a distribution rule, wherein the rules defining access rights comprise the distribution rule and at least one internal rule built in to the access mechanism.
- 20. A method as in claim 19 wherein the protecting of portions of the data comprises encrypting the portions of the data using a data encrypting key having a corresponding data decrypting key, and wherein the distribution rule comprises a data decrypting key.

21. A method of distributing data for subsequent controlled use of the data by a user, the method comprising:
- protecting portions of the data;
  
  protecting rules defining access rights to the data; and
  
  openly distributing the protected portions of the data and the protected rules, whereby controlled access to an unprotected form of the protected portions of the data is provided only in accordance with the rules as enforced by an access mechanism, so that unauthorized access to the protected portions of the data is not to the unprotected form of the protected portions of the data.

22. A method of distributing data for subsequent controlled use of the data by a user, some of the data having access rules already associated therewith, the access rules defining access rights to the data, the method comprising:
- protecting portions of the data;
  
  providing rules defining access rights to the data;
  
  combining the provided rules with rules previously associated with the data;
  
  protecting the combined rules; and
  
  openly distributing the protected portions of the data and the protected combined rules, whereby controlled access to the unprotected form of the protected portions of the data is provided only in accordance with the combined rules as enforced by an access mechanism, so that unauthorized access to the protected portions of the data is not to the unprotected form of the protected portions of the data.

23. A method of controlling secondary distribution of data, the method comprising:
- protecting portions of the data;
  
  protecting rules defining access rights to the data;
  
  openly providing the protected portions of the data and the protected rules to a device having an access mechanism; and
  
  limiting transmission of the protected portions of the data from the device (a) only as protected data or (b) in accordance with the rules as enforced by the access mechanism, so that unauthorized access to the protected portions of the data is not to an unprotected form of the protected portions of the data.

24. A method of accessing openly distributed data, the method comprising:
- obtaining openly distributed data having protected data portions and rules defining access rights to the protected data portions; and
  
  limiting each and every access to an unprotected form of the protected data portions in accordance with the rules as enforced by an access mechanism, so that unauthorized access to the protected portions of the data is not to the unprotected form of the protected data portions.

25. A device for displaying images represented by data comprising protected data portions and rules defining access rights to the data, the device comprising:
- means for storing the rules;
  
  an access mechanism for accessing the data only in accordance with the rules, whereby user access to an unprotected form of the protected data portions is permitted by the access mechanism only if the rules indicate that the user is allowed to access the protected portions of the data, the access being enforced by the access mechanism; and
  
  means for displaying the images represented by the accessed data.
- View Dependent Claims (26, 27, 28, 29)
- - 26. A device as in claim 25 wherein the rules defining access rights include at least one internal rule built in the access mechanism.
  - 27. A device as in claim 26 wherein the internal rules cannot be made less restrictive by any other rules.
  - 28. A device as in claim 26 wherein the internal rules limit the device only to being an output device.
  - 29. A device as in claim 26 wherein the device is selected from the group consisting of:
    - a VCR, a laser disk player, and a computer system.

30. A device for outputting images represented by data comprising protected data portions and rules defining access rights to the data, the device comprising:
- means for storing the rules;
  
  an access mechanism for accessing the data only in accordance with the rules, whereby user access to an unprotected form of the protected data portions is permitted by the access mechanism only if the rules indicate that the user is allowed to access the protected portions of the data, the access being enforced by the access mechanism; and
  
  means for outputting the images represented by the accessed data.

31. A device for outputting an audio signal represented by data comprising protected data portions and rules defining access rights to the data, the device comprising:
- means for storing the rules;
  
  an access mechanism for accessing the data only in accordance with the rules, whereby user access to an unprotected form of the protected data portions is permitted by the access mechanism only if the rules indicate that the user is allowed to access the protected portions of the data, the access being enforced by the access mechanism; and
  
  means for outputting the audio signal represented by the accessed data.

32. A device for outputting an output signal based on data comprising protected data portions and rules defining access rights to the data, the device comprising:
- means for storing the rules;
  
  an access mechanism for accessing the data only in accordance with the rules, whereby user access to an unprotected form of the protected data portions is permitted by the access mechanism only if the rules indicate that the user is allowed to access the protected portions of the data, the access being enforced by the access mechanism; and
  
  means for outputting the output signal represented by the accessed data.

33. A device for generating an output signal corresponding to data comprising protected data portions and rules defining access rights to the digital data, the device comprising:
- means for storing the rules;
  
  an access mechanism for accessing the digital data only in accordance with the rules, whereby user access to an unprotected form of the protected data portions is permitted by the access mechanism only if the rules indicate that the user is allowed to access the protected portions of the data; and
  
  means for generating the output signal from the accessed data.

34. A device for distributing data for subsequent controlled use of the data by a user, the device comprising:
- means for protecting portions of the data;
  
  means for protecting rules defining access rights to the data; and
  
  means providing the protected portions of the data and the protected rules;
  
  whereby a user is provided controlled access to the data only in accordance with the rules as enforced by an access mechanism, so that unauthorized access to the protected portions of the data is not to an unprotected form of the protected portions of the data.

35. A device for distributing data for subsequent controlled use of the data by a user, some of the data having access rules already associated therewith, the access rules defining access rights to the data, the device comprising:
- means for protecting portions of the data;
  
  means for providing rules concerning access rights to the data;
  
  means for combining the provided rules with rules previously associated with the data;
  
  means for protecting the combined rules; and
  
  means for providing the protected portions of the data and the protected combined rules;
  
  whereby the user is provided controlled access to an unprotected form of the protected portions of the data only in accordance with the combined rules as enforced by an access mechanism, so that unauthorized access to the protected portions of the data is not to the unprotected form of the protected portions of the data.

36. A process control system comprising a device for controlling access to data, the data comprising protected data portions and rules defining access rights to the data, the device comprising:
- means for storing the rules; and
  
  an access mechanism for accessing the unprotected form of the protected data portions only in accordance with the rules, whereby output of an unprotected form of the protected data portions is permitted by the access mechanism only in such manner as is permitted by the rules.
- View Dependent Claims (37)
- - 37. A process control system as in claim 36 wherein the rules defining access rights include at least one internal rule built in the access mechanism.

38. A general purpose computer system comprisinga device for controlling access to data, the data comprising protected data portions and rules defining access rights to the data, the device comprising:
- storage means for storing the rules; and
  
  an access mechanism for accessing the unprotected form of the protected data portions only in accordance with the rules, whereby user access to an unprotected form of the protected data portions is permitted by the access mechanism only if the rules indicate that the user is allowed to access the protected portions of the data.
- View Dependent Claims (39, 40, 41, 42, 43)
- - 39. A computer system as in claim 38 wherein the rules defining access rights include at least one internal rule built in the access mechanism.
  - 40. A computer system as in claim 38 wherein the system is implemented at various levels, and wherein at least one low level effectively defines a virtual machine in which the access mechanism is implemented, and wherein
- 41. A computer system as in claim 40 wherein the various levels of the computer system comprise:
  - an application environment level;
    
    an operating system (OS) level which is at a lower level than the application environment level; and
    
    a Basic Input/Output System (BIOS) level which is lower than OS level, and wherein the access mechanism is preferably implemented at or below the BIOS level.
- 42. A computer system as in claim 40 wherein the implementation of the access mechanism prevents a user from by-passing the access mechanism and thereby prevents a user circumventing rule enforcement by the access mechanism.
- 43. A computer system as in claim 40 wherein a mechanism implemented at a particular level can invoke only its implementation level and the level immediately below its implementation level.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Hanger Solutions, LLC (IP Investments Group LLC)
Original Assignee
Veridian Information Solutions, Inc.
Inventors
Abrams, Marshall D., Schneck, Paul B.
Primary Examiner(s)
Gregory, Bernarr E.

Application Number

US09/178,606
Publication Number

US 20010021926A1
Time in Patent Office

1,107 Days
Field of Search

395/186, 395/187.01, 395/188.01, 380/4, 380/23, 380/25, 380/49, 380/50, 380/59, 380/200-204, 380/210, 380/255, 380/259, 380/277, 380/278, 380/279, 380/29, 380/30, 380/287, 705/43, 705/51, 705/52, 705/54, 705/57, 705/58, 713/150-152, 713/182, 713/189, 713/193, 713/194, 713/200, 713/201, 713/202
US Class Current

705/54
CPC Class Codes

G06F 21/1011   to devices

G06F 21/1062   Editing

G06F 21/1063   Personalisation

G06F 21/109   by using specially-adapted ...

G06F 21/16   Program or content traceabi...

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/62   Protecting access to data v...

G06F 21/6209   to a single file or object,...

G06F 21/6245   Protecting personal data, e...

G06F 21/71   to assure secure computing ...

G06F 21/72   in cryptographic circuits

G06F 21/86   Secure or tamper-resistant ...

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2143   Clearing memory, e.g. to pr...

G06F 2221/2145   Inheriting rights or proper...

G06F 2221/2149   Restricted operating enviro...

G06Q 30/018 : Certifying business or prod...

G11B 20/00673 : wherein the erased or nulli...

H04L 2209/56 : Financial cryptography, e.g...

H04L 2463/101 : applying security measures ...

H04L 63/0428 : wherein the data content is...

H04L 9/08 : Key distribution or managem...

H04L 9/0822 : using key encryption key

View All

System for controlling access and distribution of digital property

First Claim

17 Assignments

Litigations

7 Petitions

Accused Products

Abstract

1014 Citations

43 Claims

Specification

Solutions

Use Cases

Quick Links

System for controlling access and distribution of digital property

First Claim

17 Assignments

Subscription Required

Subscription Required

Litigations

7 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

1014 Citations

43 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links